We as an industry have more jobs that we can fill, we need to have high skilled workers in United States and we need to also welcome high skilled workers from other countries, said Victoria A Espinel.Surabhi Agarwal | ET Bureau | March 22, 2017, 08:53 IST

Encryption is one of the main tools companies use to protect their customers and clients, said Victoria A Espinel.US has more technology jobs that it can fill and the country needs highly skilled workers to keep innovating, said Victoria A Espinel, President and CEO, Business Software Alliance, an international policy think tank for the software industry.

In an interview with ET’s Surabhi Agarwal, Espinel also spoke about how government should not try to break into encrypted data, cyber-security and the Indian patent regime. Edited Excerpts:

BSA has come out with some encryption principals, what triggered them?

Encryption is one of the main tools companies use to protect their customers and clients. There is a debate going on across governments on what are the right rules on how law enforcement can get access to information that companies hold.

We work with many law enforcement agencies but we are concerned that some approaches that the governments have been talking about would undermine security and they would do more harm than good.

And one of them is undermining encryption. We understand that it is a complicated issue and there are a lot of different interests at stake. So that was our motivation for working on the encryption principals.

We have tried to put at one place all the different interests and motivations that we think important for this debate. In the US, there concerning the Apple and the FBI, they got a lot of attention and but it was withdrawn later but the underline issue was not resolved, so the debate has been stopped. We would like to restart that debate.

India has really low encryption standards for companies and government’s efforts to redraft the policy have met with a lot of criticism. What should be the right approach?

It is important that there should be some flexibility in the regulation, innovation in cybersecurity and encryption happens very quickly, so having a standard that is really frozen in time seems like a bad idea to us. If the government has to set standards, we would like them to be aligned globally and flexible to make room for the innovation happening in the future.

Indian government keeps complaining that companies do not share information with them. Is building backdoors the answer?

I don’t represent Facebook and Google so I don’t speak to them but Microsoft and Symantec which are our companies work with governments around the world.

When they had the terrorist attacks in Paris, even though some of the information was stored in servers in Redmond, it was in the hands of the French Police within 45 minutes. So information is definitely shared when it is lawfully requested and when our companies have access to it.

What we are concerned about is that in cases where the information is encrypted and the governments are trying to break the encryption or trying to get the information through a backdoor, or requiring that the key to the information be held somewhere, those approaches could end up in the hands of bad actors.

India has seen a massive spurt in digital transactions. What should it do to protect against possible cyber attacks?

One thing it should do is to have really strong encryption, because if the financial information is encrypted and someone does manage to break into it, they won’t be able to use it. As part of Digital India, it should promote cybersecurity and strong encryption policies.

With the Donald Trump administration in the US, there are concerns regarding the free flow of people, about the whole outsourcing model itself. What is your view?

From our perspective, we as an industry have more jobs that we can fill, we need to have high skilled workers in United States and we need to also welcome high skilled workers from other countries. So anything that puts it at risk or makes it more difficult for our industry to get highly skilled workers it needs in order to keep innovating, is a concern.

Do you think India is doing enough on protecting and promoting the intellectual property rights?

We have some concerns regarding the CRI (Computer Related Inventions) guidelines but generally speaking over the past decade, India has been committed to the IP and the IP system has been good and has been improving. We do have concerns as anywhere in the world and we want to make sure that true software innovation in the world can be protected.

What are thoughts on free flow of data across borders and possible restrictions in the future?

We think it is really important for data to move across borders, it is very important for the US economy, it is very important for the Indian economy. And it is not an area where we have international rules, there is a hole in the global trading system.

We would advocate that the government of India and all governments around the world promote policies to make it as frictionless as possible to data to move back and forth.

It would be good for India if Indian companies have certainty and predictability that they would be able to send data overseas and they would be able to receive data back here. And right now they don’t as there aren’t any international frameworks.

So right now if Europe decided to cut off India data flows then there is not much India could do about it. There is no WTO agreement or any other international agreement that says Europe can’t cut India off. What you have are bilateral agreements between governments but you don’t have an overarching international framework for it.